(a) Establishment, Purposes, and Duties.—

(1) Establishment.—There is established a Federal Secure Cloud Advisory Committee (referred to in this section as the "Committee") to ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities.

(2) Purposes.—The purposes of the Committee are the following:

(A) To examine the operations of FedRAMP and determine ways that authorization processes can continuously be improved, including the following:

(i) Measures to increase agency reuse of FedRAMP authorizations.

(ii) Proposed actions that can be adopted to reduce the burden, confusion, and cost associated with FedRAMP authorizations for cloud service providers.

(iii) Measures to increase the number of FedRAMP authorizations for cloud computing products and services offered by small businesses concerns (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a)).

(iv) Proposed actions that can be adopted to reduce the burden and cost of FedRAMP authorizations for agencies.

(B) Collect information and feedback on agency compliance with and implementation of FedRAMP requirements.

(C) Serve as a forum that facilitates communication and collaboration among the FedRAMP stakeholder community.

(3) Duties.—The duties of the Committee include providing advice and recommendations to the Administrator, the FedRAMP Board, and agencies on technical, financial, programmatic, and operational matters regarding secure adoption of cloud computing products and services.

(b) Members.—

(1) Composition.—The Committee shall be comprised of not more than 15 members who are qualified representatives from the public and private sectors, appointed by the Administrator, in consultation with the Director, as follows:

(A) The Administrator or the Administrator's designee, who shall be the Chair of the Committee.

(B) At least 1 representative each from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.

(C) At least 2 officials who serve as the Chief Information Security Officer within an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.

(D) At least 1 official serving as Chief Procurement Officer (or equivalent) in an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.

(E) At least 1 individual representing an independent assessment service.

(F) At least 5 representatives from unique businesses that primarily provide cloud computing services or products, including at least 2 representatives from a small business concern (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a))).

(G) At least 2 other representatives of the Federal Government as the Administrator determines necessary to provide sufficient balance, insights, or expertise to the Committee.

(2) Deadline for appointment.—Each member of the Committee shall be appointed not later than 90 days after the date of enactment of this section.

(3) Period of appointment; vacancies.—

(A) In general.—Each non-Federal member of the Committee shall be appointed for a term of 3 years, except that the initial terms for members may be staggered 1-, 2-, or 3-year terms to establish a rotation in which one-third of the members are selected each year. Any such member may be appointed for not more than 2 consecutive terms.

(B) Vacancies.—Any vacancy in the Committee shall not affect its powers, but shall be filled in the same manner in which the original appointment was made. Any member appointed to fill a vacancy occurring before the expiration of the term for which the member's predecessor was appointed shall be appointed only for the remainder of that term. A member may serve after the expiration of that member's term until a successor has taken office.

(c) Meetings and Rules of Procedures.—

(1) Meetings.—The Committee shall hold not fewer than 3 meetings in a calendar year, at such time and place as determined by the Chair.

(2) Initial meeting.—Not later than 120 days after the date of enactment of this section, the Committee shall meet and begin the operations of the Committee.

(3) Rules of procedure.—The Committee may establish rules for the conduct of the business of the Committee if such rules are not inconsistent with this section or other applicable law.

(d) Employee Status.—

(1) In general.—A member of the Committee (other than a member who is appointed to the Committee in connection with another Federal appointment) shall not be considered an employee of the Federal Government by reason of any service as such a member, except for the purposes of section 5703 of title 5, relating to travel expenses.

(2) Pay not permitted.—A member of the Committee covered by paragraph (1) may not receive pay by reason of service on the Committee.

(e) Applicability to the Federal Advisory Committee Act.—Section 14 of the Federal Advisory Committee Act (5 U.S.C. App.) ¹ shall not apply to the Committee.

(f) Detail of Employees.—Any Federal Government employee may be detailed to the Committee without reimbursement from the Committee, and such detailee shall retain the rights, status, and privileges of his or her regular employment without interruption.

(g) Postal Services.—The Committee may use the United States mails in the same manner and under the same conditions as agencies.

(h) Reports.—

(1) Interim reports.—The Committee may submit to the Administrator and Congress interim reports containing such findings, conclusions, and recommendations as have been agreed to by the Committee.

(2) Annual reports.—Not later than 540 days after the date of enactment of this section, and annually thereafter, the Committee shall submit to the Administrator and Congress a report containing such findings, conclusions, and recommendations as have been agreed to by the Committee.